| 发明名称 | Relationship-based authorization | ||
| 摘要 | Methods and apparatus, including computer program products, related to relationship-based authorization. In general, data characterizing a request for authorization to a computer-based resource is received, and the authorization may be provided based on one or more relationships of a requesting principal. A determination may be made as to whether a requesting principal is authorized, which may include determining whether the requesting user has a relationship with a principal that has management rights of the computer-based resource and determining whether the relationship allows for an access, such as a use of the computer-based resource, if the requesting principal has a relationship with the other principal. If there is no such relationship, a determination may be made as to whether an organization of the requesting principal has a relationship with the other principal that allows for the access. | ||
| 申请公布号 | US9325692(B2) | 申请公布日期 | 2016.04.26 |
| 申请号 | US201414444142 | 申请日期 | 2014.07.28 |
| 申请人 | Medox Technologies, Inc. | 发明人 | Beck Michael |
| 分类号 | H04L29/06;G06F19/00;G06F21/33;G06F21/62;G06Q50/22;G06Q50/24;G06F21/31 | 主分类号 | H04L29/06 |
| 代理机构 | Mintz Levin Cohn Ferris Glovsky and Popeo, P.C. | 代理人 | Mintz Levin Cohn Ferris Glovsky and Popeo, P.C. |
| 主权项 | 1. A non-transitory computer program product, tangibly embodied in a computer-readable media, the computer program product comprising instructions to cause data processing apparatus to perform operations comprising: receiving data characterizing a request for authorization to access a computer-based resource by a principal; determining whether the requesting principal is authorized for the access to the computer-based resource, the determining occurring using a relationship repository comprising one or more data structures containing relationships, the data structures being separate and non-referential from the computer-based resource, the determining comprising: determining whether the requesting principal has an implicit relationship with a principal that has management rights of access to the computer-based resource, the implicit relationship implied by attributes of another relationship and determined based on an action of the requesting principle; determining whether the implicit relationship allows for the access to the computer-based resource; and providing authorization for the requesting principal to the computer-based resource. | ||
| 地址 | |||